Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0625Static Code Injection in Spip

5 documents5 sources
Severity
6.4MEDIUMNVD
EPSS
9.7%
top 7.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SpipDebian Spip
Timeline
PublishedFeb 9
Latest updateMay 1

Description

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

debiandebian/spip< spip 2.0.6-1 (bullseye)
Debianspip/spip< 2.0.6-1+2
NVDspip/spip1.8.2d, 1.8.2e, 1.8.2g+2

🔴Vulnerability Details

2
GHSA
GHSA-p4gj-wxqq-wmc7: Directory traversal vulnerability in Spip_RSS2022-05-01
OSV
CVE-2006-0625: Directory traversal vulnerability in Spip_RSS2006-02-09

💥Exploits & PoCs

1
Exploit-DB
SPIP 1.8.2 - 'Spip_RSS.php' Remote Command Execution2006-02-08

📋Vendor Advisories

1
Debian
CVE-2006-0625: spip - Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier all...2006
CVE-2006-0625 — Static Code Injection in Debian Spip | cvebase